X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin.php;h=cbf18f8b2d0e51ce25bf5e0515b812fd89413fe3;hp=ea744f2f33abdc18eb763aea91bd0d1c51d37756;hb=cd980a5c37a3f4eb1ec643b88f141f12027df2ab;hpb=49c0cfbada5ede43152c053139b32f92441f8e45 diff --git a/inc/modules/admin.php b/inc/modules/admin.php index ea744f2f33..cbf18f8b2d 100644 --- a/inc/modules/admin.php +++ b/inc/modules/admin.php @@ -49,6 +49,10 @@ require_once(PATH."inc/modules/admin/admin-inc.php"); // Fix "deleted" cookies in PHP4 (PHP5 does remove them, PHP4 sets them to deleted!) FIX_DELETED_COOKIES(array('admin_login', 'admin_md5', 'admin_last', 'admin_to')); +// Init return value +$ret = "init"; + +// Is no admin registered? if (!isBooleanConstantAndTrue('admin_registered')) { // Admin is not registered so we have to inform the user if ((isset($_POST['ok'])) && ((empty($_POST['login'])) || (empty($_POST['pass'])) || (strlen($_POST['pass']) < 4))) $_POST['ok'] = "***"; @@ -57,10 +61,7 @@ if (!isBooleanConstantAndTrue('admin_registered')) { $hashedPass = md5($_POST['pass']); // Kill maybe existing session variables - set_session('admin_login' , ""); - set_session('admin_md5' , ""); - set_session('admin_last' , ""); - set_session('admin_to' , ""); + DESTROY_ADMIN_SESSION(false); // Do registration $ret = REGISTER_ADMIN($_POST['login'], $hashedPass); @@ -86,7 +87,9 @@ if (!isBooleanConstantAndTrue('admin_registered')) { // Admin does already exists! $ret = ADMIN_LOGIN_ALREADY_REG; } else { - // Any other kind + // Any other kind will be logged and interpreted as 'done' + DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown return code %s from CHECK_ADMIN_LOGIN()", $ret)); + // @TODO Why is this set to 'done'? $ret = "done"; } @@ -198,7 +201,6 @@ if (!isBooleanConstantAndTrue('admin_registered')) { } // END - if // Check if the admin has submitted data or not - $ret = ""; if ((isset($_POST['ok'])) && ((empty($_POST['login'])) || (empty($_POST['pass'])) || (strlen($_POST['pass']) < 4))) $_POST['ok'] = "***"; if ((isset($_POST['ok'])) && ($_POST['ok'] != "***")) { // All required data was entered so we check his account @@ -214,7 +216,7 @@ if (!isBooleanConstantAndTrue('admin_registered')) { // Rewrite overview module if ($GLOBALS['what'] == "overview") { $GLOBALS['action'] = GET_ACTION($GLOBALS['module'], $GLOBALS['what']); - } + } // END - if // Add data to URL if (!empty($GLOBALS['what'])) $URL .= "what=".$GLOBALS['what']; @@ -236,8 +238,14 @@ if (!isBooleanConstantAndTrue('admin_registered')) { $ret = WRONG_PASS." [".ADMIN_RESET_PASS."]\n"; DESTROY_ADMIN_SESSION(); break; - } - } + + default: // Others will be logged + DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown return code %s from CHECK_ADMIN_LOGIN()", $ret)); + break; + } // END - switch + } // END - if + + // Error detected? if ($ret != "done") { if (!empty($_POST['login'])) { define('__LOGIN_VALUE', $_POST['login']); @@ -247,8 +255,8 @@ if (!isBooleanConstantAndTrue('admin_registered')) { if (isset($_POST['ok'])) { // Set messages to zero - $MSG1 = ""; $MSG2 = ""; + // No login entered? if (empty($_POST['login'])) $MSG1 = ADMIN_NO_LOGIN; @@ -298,7 +306,7 @@ if (!isBooleanConstantAndTrue('admin_registered')) { // Load login form template LOAD_TEMPLATE("admin_login_form", false, $content); - } + } // END - if } elseif (isset($_GET['logout'])) { // Only try to remove cookies if (DESTROY_ADMIN_SESSION()) { @@ -335,23 +343,11 @@ if (!isBooleanConstantAndTrue('admin_registered')) { // Cookie-Data accepted if ((set_session("admin_md5", get_session('admin_md5'))) && (set_session("admin_login", get_session('admin_login'))) && (set_session("admin_last", time())) && (set_session("admin_to", bigintval(get_session('admin_to'))))) { // Ok, Cookie-Update done - if ((EXT_IS_ACTIVE("admins")) && (GET_EXT_VERSION("admins") > "0.2")) { - // Check if action GET variable was set - $act = SQL_ESCAPE($GLOBALS['action']); - if (!empty($GLOBALS['what'])) { - // Get action value by what-value - $act = GET_ACTION("admin", $GLOBALS['what']); - } - - // Check for access control line of current menu entry - define('__ACL_ALLOW', ADMINS_CHECK_ACL($act, $GLOBALS['what'])); - } else { - // Extension not installed so it's always allowed to access everywhere! - define('__ACL_ALLOW', true); - } + // Check for access control line of current menu entry + define('__ACL_ALLOW', RUN_FILTER('check_admin_acl')); // When type of admin menu is not set fallback to old menu system - if (empty($_CONFIG['admin_menu'])) $_CONFIG['admin_menu'] = "OLD"; + if (getConfig('admin_menu') == null) $_CONFIG['admin_menu'] = "OLD"; // Check for version and switch between old menu system and new "intelligent menu system" if ((ADMIN_CHECK_MENU_MODE() == "NEW") && (FILE_READABLE(PATH."inc/modules/admin/lasys-inc.php"))) { @@ -389,6 +385,10 @@ if (!isBooleanConstantAndTrue('admin_registered')) { DESTROY_ADMIN_SESSION(); ADD_FATAL(WRONG_PASS); break; + + default: // Others will be logged + DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown return code %s from CHECK_ADMIN_COOKIES()", $ret)); + break; } }